On Wed, Dec 01, 2010 at 04:50:20PM -0600, Stan Hoeppner wrote:

> > No, LDAP lookups are simpler and cheaper than SMTP probes. The Postfix
> > LDAP driver works with MSFT AD via simple password binds. Code for SASL
> > binds (e.g. for folks who want to use GSSAPI) should be available in
> > the 2.8 release if all goes well.
> 
> Are LDAP queries still simpler and cheaper once all recipient addresses
> are cached in $data_directory/verify_cache?

Yes, because the vast majority of "RCPT TO" commands are dictionary
attacks, if not all the time, at least at peak loads when it matters.
Sending an SMTP probe is much more expensive than making an LDAP query.

> Do you disagree with my other 4 points Viktor?  You know this stuff far
> better than I, so if I'm wrong on the other points I'd like to be
> corrected, so as not to make the same recommendations in the future.

My comment is about LDAP table lookups vs. RAV (Recipient Address
Validation). I don't recall what your other points were; if it is not
critical, we probably don't need to revisit them.

LDAP tables are supported and not discouraged, but high-volume sites
may want to dedicate some LDAP replicas to MTA queries.

-- 
        Viktor.
